/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */

package Servlet;


import JavaBeans.User;
import java.sql.*;
import java.io.IOException;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.*;
/**
 *
 * @author Brian
 */
public class Login extends HttpServlet{


        protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException
    {
            try{
            processRequest(request, response);}catch(Exception e){}
    }

    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException
    {
            try{
            processRequest(request, response);}catch(Exception e){}
    }
      protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException, SQLException
    {
          
           Connection connection = (Connection) dataBaseController.getConnection();
           Statement st = null;
           ResultSet rs = null;
           
           String password = request.getParameter("password").trim();
           String userID = request.getParameter("userID").trim();
           if (password.equals("")||userID.equals(""))
           {
              request.setAttribute("message", "invalid ID or password"); 
               
              request.getRequestDispatcher("index.jsp").forward(request, response);
              
           }
           try
           {
              st=(Statement) connection.createStatement();
              rs = (ResultSet) st.executeQuery("SELECT password FROM brchung.person WHERE id = '" + userID+"'");
              rs.next();
              String actualpassword = rs.getString(1);
              if(actualpassword.equals(password))
              {
                  
                 rs = (ResultSet) st.executeQuery("SELECT role FROM brchung.person WHERE id = '" + userID+"'");
                 rs.next();
                 String role = rs.getString(1);
                 
                 rs = (ResultSet) st.executeQuery("SELECT lastname FROM brchung.person WHERE id = '" + userID+"'");
                 rs.next();
                 String lastname = rs.getString(1);

                 rs = (ResultSet) st.executeQuery("SELECT firstname FROM brchung.person WHERE id = '" + userID+"'");
                 rs.next();
                 String firstname = rs.getString(1);
                 
                 rs = (ResultSet) st.executeQuery("SELECT SSN FROM brchung.person WHERE id = '" + userID+"'");
                 rs.next();
                 String ssn = rs.getString(1);

                HttpSession ss = request.getSession(true);
                User user = new User();
                user.setLastname(lastname);
                user.setId(userID);
                user.setSsn(Integer.parseInt(ssn));
                user.setFirstname(firstname);
                user.setRole(role.charAt(0));
                ss.setAttribute("user", user);
                response.sendRedirect("index.jsp");
                return;
            } else
            {
                
              request.setAttribute("message", "invalid ID or password"); 
                request.getRequestDispatcher("index.jsp").forward(request, response);
            }
                
        } catch (Exception e) {
                
              request.setAttribute("message", "invalid ID or password"); 
                request.getRequestDispatcher("index.jsp").forward(request, response);
                
               }
        }
    }


